Changes - j0ke.net Open Build Service

Changes of Revision 2

[-] [+]	Added	rubygem-actionpack-2_0.changes
@@ -0,0 +1,201 @@ +------------------------------------------------------------------- +Thu Jan 17 15:43:46 CET 2008 - mrueckert@suse.de + +- update to version 1.13.6 + * Correct Broken Fix for session_fixation attacks + * Ensure that cookies handle array values correctly. + Closes #9937 [queso] +- branch new packge rubygem-actionpack-1_13 to allow parallel + installation of multiple major branches +- removed rubygem-actionpack-1.13.x_session_fixation_attack.patch + included in update + +------------------------------------------------------------------- +Fri Nov 23 00:33:20 CET 2007 - mrueckert@suse.de + +- updated rubygem-actionpack-1.13.x_session_fixation_attack.patch + new name rubygem-actionpack-1.13.x_session_fixation_attack_v2.patch: + The original upstream patch only worked for the first request. + Do not delete the cookie_only option from the session options. + (#332441) (CVE-2007-6077) + +------------------------------------------------------------------- +Wed Oct 17 16:48:01 CEST 2007 - mrueckert@suse.de + +- added rubygem-actionpack-1.13.x_session_fixation_attack.patch: + Reject session informations from the query string (#332441) + (CVE-2007-5380) + +------------------------------------------------------------------- +Wed Oct 17 17:52:39 CEST 2007 - mrueckert@suse.de + +- update to version 1.13.5 + * Backport: allow array and hash query parameters. Array route + parameters are converted/to/a/path as before. + #6765, #7047, #7462 + [bgipsy, Jeremy McAnally, Dan Kubb, brendan, Diego Algorta Casamayou] + * Fix in place editor's setter action with non-string fields. + #7418 [Andreas] +- additional changes from version 1.13.4 + * Only accept session ids from cookies, prevents session fixation + attacks. [bradediger] (CVE-2007-5380) (bnc #332441) + * Change the resource seperator from ; to / change the generated + routes to use the new-style named routes. e.g. + new_group_user_path(@group) instead of + group_new_user_path(@group). [pixeltrix] + * Integration tests: introduce methods for other HTTP methods. + #6353 [caboose] + * Improve performance of action caching. Closes #8231 [skaes] + * Fix errors with around_filters which do not yield, restore 1.1 + behaviour with after filters. Closes #8891 [skaes] + After filters will no longer be run if an around_filter fails + to yield, users relying on this behaviour are advised to put + the code in question after a yield statement in an around + filter. + * Allow you to delete cookies with options. + Closes #3685 [josh, Chris Wanstrath] + * Deprecate pagination. Install the classic_pagination + plugin for forward compatibility, or move to the superior + will_paginate plugin. #8157 [Mislav Marohnic] + * Fix filtered parameter logging with nil parameter values. + #8422 [choonkeat] + * Integration tests: alias xhr to xml_http_request and add a + request_method argument instead of always using POST. + #7124 [Nik Wakelin, Francois Beausoleil, Wizard] + * Document caches_action. #5419 [Jarkko Laine] + * observe_form always sends the serialized form. + #5271 [manfred, normelton@gmail.com] + * Update UrlWriter to accept :anchor parameter. + Closes #6771. [octopod] + * Replace the current block/continuation filter chain handling by + an implementation based on a simple loop. + Closes #8226 [Stefan Kaes] + * Return the string representation from an Xml Builder when + rendering a partial. #5044 [tpope] + * Cleaned up, corrected, and mildly expanded ActionPack + documentation. Closes #7190 [jeremymcanally] + * Small collection of ActionController documentation cleanups. + Closes #7319 [jeremymcanally] + * Performance: patch cgi/session/pstore to require digest/md5 + once rather than per #initialize. #7583 [Stefan Kaes] + * Deprecation: verification with :redirect_to => :named_route + shouldn't be deprecated. #7525 [Justin French] + +------------------------------------------------------------------- +Mon May 14 16:32:28 CEST 2007 - mrueckert@suse.de + +- update to version 1.13.3: + * Fix a bug in Routing where a parameter taken from the path of + the current request could not be used as a query parameter for + the next. #6752 [Nicholas Seckar] + * session_enabled? works with session :off. #6680 [Catfish] + * Performance: patch cgi/session to require digest/md5 once + rather than per #create_new_id. [Stefan Kaes] +- additional changes from 1.13.2: + * Add much-needed html-scanner tests. Fixed CDATA parsing bug. + [Rick] + * improve error message for Routing for named routes. + [Rob Sanheim] + * Added enhanced docs to routing assertions. [Rob Sanheim] + * fix form_for example in ActionController::Resources + documentation. [gnarg] + * Add singleton resources from trunk [Rick Olson] + * select :multiple => true suffixes the attribute name with [] + unless already suffixed. #6977 [nik.kakelin, ben, julik] + * Improve routes documentation. #7095 [zackchandler] + * Resource member routes require :id, eliminating the ambiguous + overlap with collection routes. #7229 [dkubb] + * Fixed NumberHelper#number_with_delimiter to use "." always + for splitting the original number, not the delimiter + parameter #7389 [ceefour] + * Autolinking recognizes trailing and embedded . , : ; + #7354 [Jarkko Laine] + * Make TextHelper::auto_link recognize URLs with colons in + path correctly, fixes #7268. [imajes] + * Improved auto_link to match more valid urls correctly + [Tobias Luetke] + +------------------------------------------------------------------- +Wed Jan 24 00:57:59 CET 2007 - mrueckert@suse.de + +- update to version 1.13.1: + update for rails 1.2.1. Too many changes to mention them here. + see /usr/lib/ruby/gems/1.8/gems/actionpack-1.13.1/CHANGELOG + +------------------------------------------------------------------- +Fri Aug 11 02:33:25 CEST 2006 - mrueckert@suse.de + +- update to version 1.12.5: + update for the previous security fix + +------------------------------------------------------------------- +Thu Aug 10 12:40:16 CEST 2006 - mrueckert@suse.de + +- update to version 1.12.4: + * Documentation fix: integration test scripts don't require + integration_test. (rails:#4914) [Frederick Ros <sl33p3r@free.fr>] + * ActionController::Base Summary documentation rewrite. + (rails:#4900) [kevin.clark@gmail.com] + * Fix text_helper.rb documentation rendering. + (rails:#4725) [Frederick Ros] + * Fixes bad rendering of JavaScriptMacrosHelper rdoc. + (rails:#4910) [Frederick Ros] + * Enhance documentation for setting headers in integration tests. + Skip auto HTTP prepending when its already there. + (rails:#4079) [Rick Olson] + * Documentation for AbstractRequest. + (rails:#4895) [kevin.clark@gmail.com] + * Remove all remaining references to @params in the documentation. + [Marcel Molina Jr.] + * Add documentation for redirect_to :back's RedirectBackError + exception. [Marcel Molina Jr.] + * Update layout and content_for documentation to use yield rather + than magic @content_for instance variables. [Marcel Molina Jr.] + * Cache CgiRequest#request_parameters so that multiple calls + don't re-parse multipart data. [Rick] + * Fixed that remote_form_for can leave out the object parameter + and default to the instance variable of the object_name, + just like form_for [DHH] + * Added ActionController.filter_parameter_logging that makes it + easy to remove passwords, credit card numbers, and other + sensitive information from being logged when a request is + handled. (rails:#1897) [jeremye@bsa.ca.gov] + * Fixed that real files and symlinks should be treated the same + when compiling templates. + (rails:#5438) [zachary@panandscan.com] + * Add :status option to send_data and send_file. Defaults to + '200 OK'. (rails:#5243) + [Manfred Stienstra <m.stienstra@fngtps.com>] + * Update documentation for erb trim syntax. + (rails:#5651) [matt@mattmargolis.net] + * Short documentation to mention use of Mime::Type.register. + (rails:#5710) [choonkeat@gmail.com] + +------------------------------------------------------------------- +Sat Jul 1 04:21:38 CEST 2006 - mrueckert@suse.de + +- update to version 1.12.3: + * Fix broken traverse_to_controller. We now: + Look for a _controller.rb file under RAILS_ROOT to load. + If we find it, we require_dependency it and return the + controller it defined. (If none was defined we stop looking.) + If we don't find it, we look for a .rb file under RAILS_ROOT + to load. If we find it, and it loads a constant we keep + looking. Otherwise we check to see if a directory of the same + name exists, and if it does we create a module for it. + * Refinement to avoid exceptions in traverse_to_controller. + * (Hackish) Fix loading of arbitrary files in Ruby's load path + * by traverse_to_controller. [Nicholas Seckar] + +------------------------------------------------------------------- +Wed Jun 21 01:06:03 CEST 2006 - mrueckert@suse.de + +- use rubygems_with_buildroot_patch instead of the versioned + buildrequires + +------------------------------------------------------------------- +Mon Jun 19 18:37:41 CEST 2006 - mrueckert@suse.de + +- Initial package version 1.12.1 x 1 @@ -0,0 +1,201 @@ 2 +------------------------------------------------------------------- 3 +Thu Jan 17 15:43:46 CET 2008 - mrueckert@suse.de 4 + 5 +- update to version 1.13.6 6 + * Correct Broken Fix for session_fixation attacks 7 + * Ensure that cookies handle array values correctly. 8 + Closes #9937 [queso] 9 +- branch new packge rubygem-actionpack-1_13 to allow parallel 10 + installation of multiple major branches 11 +- removed rubygem-actionpack-1.13.x_session_fixation_attack.patch 12 + included in update 13 + 14 +------------------------------------------------------------------- 15 +Fri Nov 23 00:33:20 CET 2007 - mrueckert@suse.de 16 + 17 +- updated rubygem-actionpack-1.13.x_session_fixation_attack.patch 18 + new name rubygem-actionpack-1.13.x_session_fixation_attack_v2.patch: 19 + The original upstream patch only worked for the first request. 20 + Do not delete the cookie_only option from the session options. 21 + (#332441) (CVE-2007-6077) 22 + 23 +------------------------------------------------------------------- 24 +Wed Oct 17 16:48:01 CEST 2007 - mrueckert@suse.de 25 + 26 +- added rubygem-actionpack-1.13.x_session_fixation_attack.patch: 27 + Reject session informations from the query string (#332441) 28 + (CVE-2007-5380) 29 + 30 +------------------------------------------------------------------- 31 +Wed Oct 17 17:52:39 CEST 2007 - mrueckert@suse.de 32 + 33 +- update to version 1.13.5 34 + * Backport: allow array and hash query parameters. Array route 35 + parameters are converted/to/a/path as before. 36 + #6765, #7047, #7462 37 + [bgipsy, Jeremy McAnally, Dan Kubb, brendan, Diego Algorta Casamayou] 38 + * Fix in place editor's setter action with non-string fields. 39 + #7418 [Andreas] 40 +- additional changes from version 1.13.4 41 + * Only accept session ids from cookies, prevents session fixation 42 + attacks. [bradediger] (CVE-2007-5380) (bnc #332441) 43 + * Change the resource seperator from ; to / change the generated 44 + routes to use the new-style named routes. e.g. 45 + new_group_user_path(@group) instead of 46 + group_new_user_path(@group). [pixeltrix] 47 + * Integration tests: introduce methods for other HTTP methods. 48 + #6353 [caboose] 49 + * Improve performance of action caching. Closes #8231 [skaes] 50 + * Fix errors with around_filters which do not yield, restore 1.1 51 + behaviour with after filters. Closes #8891 [skaes] 52 + After filters will no longer be run if an around_filter fails 53 + to yield, users relying on this behaviour are advised to put 54 + the code in question after a yield statement in an around 55 + filter. 56 + * Allow you to delete cookies with options. 57 + Closes #3685 [josh, Chris Wanstrath] 58 + * Deprecate pagination. Install the classic_pagination 59 + plugin for forward compatibility, or move to the superior 60 + will_paginate plugin. #8157 [Mislav Marohnic] 61 + * Fix filtered parameter logging with nil parameter values. 62 + #8422 [choonkeat] 63 + * Integration tests: alias xhr to xml_http_request and add a 64 + request_method argument instead of always using POST. 65 + #7124 [Nik Wakelin, Francois Beausoleil, Wizard] 66 + * Document caches_action. #5419 [Jarkko Laine] 67 + * observe_form always sends the serialized form. 68 + #5271 [manfred, normelton@gmail.com] 69 + * Update UrlWriter to accept :anchor parameter. 70 + Closes #6771. [octopod] 71 + * Replace the current block/continuation filter chain handling by 72 + an implementation based on a simple loop. 73 + Closes #8226 [Stefan Kaes] 74 + * Return the string representation from an Xml Builder when 75 + rendering a partial. #5044 [tpope] 76 + * Cleaned up, corrected, and mildly expanded ActionPack 77 + documentation. Closes #7190 [jeremymcanally] 78 + * Small collection of ActionController documentation cleanups. 79 + Closes #7319 [jeremymcanally] 80 + * Performance: patch cgi/session/pstore to require digest/md5 81 + once rather than per #initialize. #7583 [Stefan Kaes] 82 + * Deprecation: verification with :redirect_to => :named_route 83 + shouldn't be deprecated. #7525 [Justin French] 84 + 85 +------------------------------------------------------------------- 86 +Mon May 14 16:32:28 CEST 2007 - mrueckert@suse.de 87 + 88 +- update to version 1.13.3: 89 + * Fix a bug in Routing where a parameter taken from the path of 90 + the current request could not be used as a query parameter for 91 + the next. #6752 [Nicholas Seckar] 92 + * session_enabled? works with session :off. #6680 [Catfish] 93 + * Performance: patch cgi/session to require digest/md5 once 94 + rather than per #create_new_id. [Stefan Kaes] 95 +- additional changes from 1.13.2: 96 + * Add much-needed html-scanner tests. Fixed CDATA parsing bug. 97 + [Rick] 98 + * improve error message for Routing for named routes. 99 + [Rob Sanheim] 100 + * Added enhanced docs to routing assertions. [Rob Sanheim] 101 + * fix form_for example in ActionController::Resources 102 + documentation. [gnarg] 103 + * Add singleton resources from trunk [Rick Olson] 104 + * select :multiple => true suffixes the attribute name with [] 105 + unless already suffixed. #6977 [nik.kakelin, ben, julik] 106 + * Improve routes documentation. #7095 [zackchandler] 107 + * Resource member routes require :id, eliminating the ambiguous 108 + overlap with collection routes. #7229 [dkubb] 109 + * Fixed NumberHelper#number_with_delimiter to use "." always 110 + for splitting the original number, not the delimiter 111 + parameter #7389 [ceefour] 112 + * Autolinking recognizes trailing and embedded . , : ; 113 + #7354 [Jarkko Laine] 114 + * Make TextHelper::auto_link recognize URLs with colons in 115 + path correctly, fixes #7268. [imajes] 116 + * Improved auto_link to match more valid urls correctly 117 + [Tobias Luetke] 118 + 119 +------------------------------------------------------------------- 120 +Wed Jan 24 00:57:59 CET 2007 - mrueckert@suse.de 121 + 122 +- update to version 1.13.1: 123 + update for rails 1.2.1. Too many changes to mention them here. 124 + see /usr/lib/ruby/gems/1.8/gems/actionpack-1.13.1/CHANGELOG 125 + 126 +------------------------------------------------------------------- 127 +Fri Aug 11 02:33:25 CEST 2006 - mrueckert@suse.de 128 + 129 +- update to version 1.12.5: 130 + update for the previous security fix 131 + 132 +------------------------------------------------------------------- 133 +Thu Aug 10 12:40:16 CEST 2006 - mrueckert@suse.de 134 + 135 +- update to version 1.12.4: 136 + * Documentation fix: integration test scripts don't require 137 + integration_test. (rails:#4914) [Frederick Ros <sl33p3r@free.fr>] 138 + * ActionController::Base Summary documentation rewrite. 139 + (rails:#4900) [kevin.clark@gmail.com] 140 + * Fix text_helper.rb documentation rendering. 141 + (rails:#4725) [Frederick Ros] 142 + * Fixes bad rendering of JavaScriptMacrosHelper rdoc. 143 + (rails:#4910) [Frederick Ros] 144 + * Enhance documentation for setting headers in integration tests. 145 + Skip auto HTTP prepending when its already there. 146 + (rails:#4079) [Rick Olson] 147 + * Documentation for AbstractRequest. 148 + (rails:#4895) [kevin.clark@gmail.com] 149 + * Remove all remaining references to @params in the documentation. 150 + [Marcel Molina Jr.] 151 + * Add documentation for redirect_to :back's RedirectBackError 152 + exception. [Marcel Molina Jr.] 153 + * Update layout and content_for documentation to use yield rather 154 + than magic @content_for instance variables. [Marcel Molina Jr.] 155 + * Cache CgiRequest#request_parameters so that multiple calls 156 + don't re-parse multipart data. [Rick] 157 + * Fixed that remote_form_for can leave out the object parameter 158 + and default to the instance variable of the object_name, 159 + just like form_for [DHH] 160 + * Added ActionController.filter_parameter_logging that makes it 161 + easy to remove passwords, credit card numbers, and other 162 + sensitive information from being logged when a request is 163 + handled. (rails:#1897) [jeremye@bsa.ca.gov] 164 + * Fixed that real files and symlinks should be treated the same 165 + when compiling templates. 166 + (rails:#5438) [zachary@panandscan.com] 167 + * Add :status option to send_data and send_file. Defaults to 168 + '200 OK'. (rails:#5243) 169 + [Manfred Stienstra <m.stienstra@fngtps.com>] 170 + * Update documentation for erb trim syntax. 171 + (rails:#5651) [matt@mattmargolis.net] 172 + * Short documentation to mention use of Mime::Type.register. 173 + (rails:#5710) [choonkeat@gmail.com] 174 + 175 +------------------------------------------------------------------- 176 +Sat Jul 1 04:21:38 CEST 2006 - mrueckert@suse.de 177 + 178 +- update to version 1.12.3: 179 + * Fix broken traverse_to_controller. We now: 180 + Look for a _controller.rb file under RAILS_ROOT to load. 181 + If we find it, we require_dependency it and return the 182 + controller it defined. (If none was defined we stop looking.) 183 + If we don't find it, we look for a .rb file under RAILS_ROOT 184 + to load. If we find it, and it loads a constant we keep 185 + looking. Otherwise we check to see if a directory of the same 186 + name exists, and if it does we create a module for it. 187 + * Refinement to avoid exceptions in traverse_to_controller. 188 + * (Hackish) Fix loading of arbitrary files in Ruby's load path 189 + * by traverse_to_controller. [Nicholas Seckar] 190 + 191 +------------------------------------------------------------------- 192 +Wed Jun 21 01:06:03 CEST 2006 - mrueckert@suse.de 193 + 194 +- use rubygems_with_buildroot_patch instead of the versioned 195 + buildrequires 196 + 197 +------------------------------------------------------------------- 198 +Mon Jun 19 18:37:41 CEST 2006 - mrueckert@suse.de 199 + 200 +- Initial package version 1.12.1 201